Re: [Help-gnutls] Re: GnuTLS vs OpenSSL vs NSS

[Daniel Kahn Gillmor]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu 2007-05-03 12:04:44 -0400, Simon Josefsson wrote:

> devel <address@hidden> writes:

>> Support to hardware accelerator and other devices.
>
> Adding it would be good.

I also think this would be worth including.  openSSL's "engine"
architecture and NSS's "security modules" provide some food for
thought.  I don't know GnuTLS well enough to know if there's a
comparable API for either of these, so i'd very much like to see them
compared by someone knowledgable.

As nice as those frameworks are for encouraging hardware crypto
(smartcard support, etc), i think they also provide yet another place
for security concerns to pop up.  So they're a mixed bag.

You might also want to clarify that this table is comparing *free* TLS
implementations, or else add some non-free implementations to the
list.

Lastly, i'd be very excited if the headers of the various columns
could be links to the specifications of the features to which they
refer.  That could make this page an all-around reference point for
TLS functionality and specifications, which would be great.

Thanks for writing this up, Simon.  It's great.

       --dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iD8DBQFGOhEpiXTlFKVLY2URAqSmAJ4gLGLDuALwda8tZNgN72yFi+K3NQCfQs6U
7QGxhCEszPl7jV2R5u4v21s=
=epTU
-----END PGP SIGNATURE-----